JP4929048B2 - Content distribution service system - Google Patents

Description

  The present invention relates to a content distribution service system for distributing digital content, and in particular, in a service provided jointly by a broadcaster and an ISP (Internet Service Provider), broadcast content is protected while protecting the privacy of the viewer. It relates to technology that analyzes trends and reflects them in improving service content.

  In the content distribution service provided using the Internet, even if it appears to be a single service provided by a single operator to end users, multiple services and multiple operators are used in the backyard. Operated in cooperation with each other. Conventional business models have been subdivided (decomposition), for example, business components such as content creation, content distribution, billing, and settlement have been componentized, and these can be freely recombined through a network. As a result, various business forms resulting from various combinations of components have been born.

  A site that serves as a window for an end user and provides a consistent application by linking a plurality of services is called a portal site. In the portal site, the information received from the end user (user name, age, ID of content to be viewed, consideration payment means, etc.) needs to be notified to the sub service provider of the cooperation destination as necessary. Cooperating business operators can perform their respective tasks such as billing and authentication only after obtaining user information.

  Other marketing activities will improve the quality of services through the use of personal information, for example, by analyzing user ratings and trends, analyzing audience ratings, and correcting the direction of new content creation. be able to.

  In recent years, the Personal Information Protection Law has been enacted, and business operators have been obliged to be responsible for the safety protection of personal information. In particular, when providing a content distribution service in which a plurality of companies cooperate, it is indispensable to transmit and receive personal information via the Internet. It is necessary to take necessary measures for safety management (Article 20) and to supervise employees and contractors (Articles 21 and 22).

  Conventionally, techniques for performing personal information protection measures in content distribution services include the following.

  In Japanese Patent Laid-Open No. 2006-352438 (Patent Document 1), the broadcast receiving terminal displays an option for selecting participation / non-participation in the audience rating survey, and accepts and accepts a user's selection operation for the option. The user's selection operation information is held, and when the selection operation information held indicates participation in the audience rating survey, the viewing state collection operation by the collection unit and the transmission operation by the transmission unit are performed. The privacy of users who do not want to participate in audience rating surveys is allowed.

  Japanese Patent Laid-Open No. 2006-222574 (Patent Document 2) issues a confirmation dialog to collect personal information when collecting the content evaluation results of the user, and includes the personal information in the collected data when calculating the audience rating. We are operating without leaving.

  Further, in the pamphlet of International Publication No. 2004/045221 (Patent Document 3), in order to improve the service by analyzing the device operation history of the user, the same content viewing history data specified by a common identifier is used. For a content having an identifier, a series of operation patterns performed on the plurality of devices is extracted, and an operation pattern commonly performed on content having a common attribute is specified from the extracted operation patterns. The specified operation pattern is applied to other contents having the attribute.

Japanese Patent Laid-Open No. 2004-213645 (Patent Document 4) does not authenticate the user when distributing and collecting the user questionnaire, but authenticates only the user attribute (for example, an attribute of 20 years or older). To protect the privacy associated with disclosing the contents of the questionnaire.
JP 2006-352438 A JP 2006-222574 A International Publication No. 2004/045221 Pamphlet JP 2004-213645 A

  However, Patent Document 1 does not disclose anything about the protection of collected personal information of real names. For this reason, personal information cannot be protected in internal crimes or in transmission / reception of information to a collaborating company.

  In addition, in Patent Document 2, although it is safe because it originally collects information anonymously (with the consent of the individual), it does not analyze the personal information that can be collected originally, which may result in the loss of business opportunities to improve services There is.

  Moreover, in patent document 3, since the operation pattern which the same person performs is not analyzed, a personal bias cannot be reflected.

  Further, in Patent Document 4, in order to distribute a questionnaire originally, it is premised that the personal information of the distribution destination is known. For this reason, for example, when conducting a questionnaire once a year, it is impossible to analyze the annual transition of a plurality of questionnaire contents written by the same person.

  As shown in FIG. 21, in the conventional technique for protecting personal information, it is necessary to abandon performing personal analysis while maintaining anonymity as in Patent Document 2 and Patent Document 3. Or like patent document 1 and patent document 4, while grasping | ascertaining a real name, it is not utilized and it does not perform a personal analysis.

  Therefore, the conventional technology for protecting personal information assumes a business form composed of only a simple participant, that is, a service provider and a user, and does not consider subdivision of the business model and cooperation of a plurality of business operators. For this reason, the transmission and reception of personal information between business operators has not been fully studied, and personal information that can be used for marketing purposes has been abandoned. There was a problem such as.

  Therefore, an object of the present invention is a service system for distributing digital contents, and in particular, in a service provided jointly by a plurality of companies, analyzing the trend of the viewer while protecting the privacy of the viewer. The purpose is to provide a system that reflects the improvement in service content.

  By analyzing which content is attracting attention by what people, it becomes possible to take measures such as modifying the direction of future content creation to suit the needs, or devising the content fee structure, Service can be improved. The viewer trend analysis method using the access log generated in the content distribution service mainly includes the analysis of the audience rating of the content and the analysis of the correlation between the contents.

  When the correlation between contents is analyzed, it can be seen that many people who have seen a certain content A often look at another content B as well. By knowing the correlation, it is possible to improve the service, such as knowing that sales promotion of the content B (so-called recommended content) is effective for the person who has seen the content A.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in the present application, the outline of typical ones will be briefly described as follows.

A content distribution service system according to the present invention includes a portal A server, a portal B server, an identification data server, a customer master data server, and an access log server connected to a viewer terminal and a network, and distributes digital content to the viewer terminal. In this content distribution service system, the customer master data server stores the attribute information of the user who uses the viewer terminal, and the portal A server has two types of identification based on the attribute information stored in the customer master data server Data a and identification data b are generated, identification data a is stored in the identification data server, identification data b is stored in the viewer terminal, and when there is a request for user attribute authentication, identification data a and identification data b Authenticate by verifying the customer master data server user attributes The kana information is generated in association with the information, stored in the identification data server, and when the user requests to use the kana information on the portal B server, the portal A server entrusts the kana information to the user. Licensed for use on Portal B server,
The portal B server issues a permission to use the kana information to the user and distributes the digital content managed by the portal A server to the user as it is, and the portal A server and the portal B server are based on the kana information. The service of the portal A server and the service of the portal B server are performed in cooperation, and the access log server records the kana information and the digital content information as an access log when the user views the content. A plurality of access logs are associated with logs from the same user, and the recorded access logs are analyzed to calculate the audience rating and the correlation between contents.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  It is not possible to identify an individual by referring to only the log using the pseudonym, but when multiple logs using the same pseudonym are viewed, it is possible to identify which log is the log left by the same person. Can do. For this reason, it is possible to analyze the audience rating analysis and the calculation of the correlation between contents in detail.

  Therefore, it is a service system that distributes digital content, and in particular, for services provided jointly by multiple companies, while analyzing the viewer's trends while reflecting the privacy of the viewer, it is reflected in improving the service content. A system can be provided.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

  The present invention is a content distribution service system for distributing digital content, and in particular, in a service provided jointly by a plurality of companies, while analyzing the viewer's trend while protecting the privacy of the viewer, the service content This was achieved by providing the following system configuration that can be used for actual purposes.

  In the content distribution service system of the present invention, the portal A server, portal B server, identification data server, A customer master data server, management server B, content distribution server, license issuing server, access log server, viewing connected to the network The operator terminal is provided and operated by one or a plurality of operators.

  Further, user attribute information is stored in the A customer master data server, two types of identification data a and identification data b are generated based on the attribute information, the identification data a is stored in the identification data server, and the identification data b is stored in the viewer terminal. Is stored. When attribute authentication is requested, authentication is performed by comparing identification data a and identification data b.

  Further, kana information is generated in association with the user of the A customer master data server and stored in the identification data server. Here, when there is a use request from the user to use kana information at the portal B, the kana information is entrusted to the user and the use at the portal B is permitted.

  Furthermore, when the user obtains the permission to use the kana information from the portal B, the user performs both services of the portal A portal B in cooperation with the kana.

  Furthermore, in the content distribution service linked with the service, the kana ID, time, content ID, identification data, and the like are recorded in the access log server as the user's history when viewing the content. Analyze the collected access logs and calculate the audience rating and correlation between contents. The obtained user trends and preferences are reflected in the content generation plan, and are reflected in the fee structure and the index screen system describing the service contents, thereby improving the service.

(Embodiment 1)
The configuration and operation of the content distribution service system according to Embodiment 1 of the present invention will be described with reference to FIGS. 1 is a block diagram showing a configuration of a content distribution service system according to Embodiment 1 of the present invention, FIG. 2 is a block diagram showing configurations of a portal server and a viewer terminal of the content distribution service system, and FIG. 3 is a content distribution service. FIG. 4 is an explanatory diagram for explaining the access log management screen of the access log server. FIG. 5 is a database of the A customer master data server, the identification data server, and the management server B. FIG. 6 is an explanatory diagram for explaining the table, and FIG. 6 is an explanatory diagram for explaining the table in the content attribute information DB of the content distribution server.

  First, it is assumed that the content distribution service system is a content distribution service in which video content owned by the provider A (broadcast station) is lent to the provider B (ISP: Internet Service Provider) and the business is led by the ISP. To do. Hereinafter, video content is shown in the present embodiment when it is simply referred to as content. However, the present embodiment is not limited to video content, and can be applied to various content such as still images, music, and documents.

  As shown in FIG. 1, the content distribution service system includes a portal A server 101, a portal B server 108, an identification data server 103, an A customer master data server 104, a management server B 105, a content distribution server 106, a license connected to a network. The issue server 107, the access log server 102, the viewer terminal 109, and the communication infrastructure 110 are included.

  By using a mobile phone communication network as the communication infrastructure 110 used by the viewer terminal 109, the viewer terminal 109 and the server group can be connected via the Internet 111. A plurality of wireless network base stations 113 are arranged throughout the country, and the viewer terminal 109 and the wireless network base station 113 can be connected. The wireless network base station 113 connected to the viewer terminal is connected to the Internet via the fixed network connection device 112. 111 is connected. The communication infrastructure 110 is provided with basic functions for billing and fee collection agency, and billing according to the service usage status of the user, payment collection agency, settlement of revenue sharing between the operators A and B Can be done automatically. Alternatively, a PC (Personal Computer) or an information home appliance may be used as the viewer terminal 109, and an Internet connection facility such as an optical fiber network, an ADSL network, or a dedicated line may be used as the communication infrastructure 110.

Operator A (broadcast station) operates the following servers:
Portal A server 101
Identification data server 103
・ A customer master data server 104
Access log server 102
The portal A server 101 includes an ID cooperation A unit 114 that performs service cooperation using a pseudonym, an attribute authentication A unit 117 that authenticates only a specific attribute from user information including personal information, and prevents wiretapping and tampering. A encryption / decryption means 115 and identification data calculation means 116 for processing identification data used for attribute authentication. The identification data server 103 includes an identification data management unit 118 and an identification data DB (Database) 119. The A customer master data server 104 includes an A customer data management unit 120 and an A customer master DB 121 that stores user information that requires privacy protection. The access log server 102 includes an access log analysis unit 131 and an access log DB 132. The access log is recorded at the time of attribute authentication.

Operator B (ISP) operates the following servers:
Portal B server 108
Management server B105
Content distribution server 106
License issuing server 107
The portal B server 108 includes an ID cooperation B means 125 that performs service cooperation using a pseudonym, an attribute authentication B means 127 that authenticates only specific attributes from user information including personal information, and prevents wiretapping and tampering. B encryption / decryption means 124 and service provision means 126. The management server B 105 includes a B customer data management unit 122 and a B customer DB 123 that stores user information requiring privacy protection. The content distribution server 106 includes a content management unit 129 that encrypts content and distributes the content in response to a request, a program attribute 128, and a program content 128.

  Here, even if the user information in the A customer master DB 121 and the user pointed to by the user information in the B customer DB 123 are the same person, since the business entity is different, the two types of user information including typographical omissions are subtle. In the past, collation was difficult. In addition, it is difficult to collate DBs using attributes such as address and date of birth, because it is necessary to send the personal information to other business operators, and there is a threat of leaking personal information. . In the present embodiment, the kana ID is used to collate that the user pointed to by the user information in the A customer master DB 121 and the user information in the B customer DB 123 are the same person.

  The A customer master data server 104 stores user attribute information. Two types of identification data a and b based on the attribute information are generated, and identification data a and identification data b (secret information) are stored in the identification data server 103 and the viewer terminal 109, respectively. When there is a request for attribute authentication to the portal A server 101, authentication can be performed by comparing a and b. User attribute information refers to the presence or absence of membership of another service provided by the operator A alone. The user attribute information may be attributes such as age and address.

  The portal A server 101 generates pseudonym information in association with the user information managed by the A customer master data server 104 and stores it in the identification data server 103. The kana information includes a kana ID uniquely given to the user. Here, when there is a use request from the user to use the same kana information in the portal B server 108, the kana information is entrusted to the user and the use in the portal B server 108 is permitted. Further, when the user obtains permission to use the pseudonym information from the portal B server 108, the user can receive a service in which both service functions of the portal A server 101 and the portal B server 108 are linked as they are.

  In the portal B server 108, the service providing unit 126 serves as a window for the entire content distribution service, and performs services such as content selection, distribution, and accounting to the user. A case where a user is a member who belongs to the service of only the business operator B and a case where the user is a member who belongs to the services of both the business operators A and B are distinguished using the attribute authentication, and the service of the business operator B The content can be provided by level for each user. Specifically, the membership qualification of the operator A is attribute-authenticated, and the number of contents accessible by the user is changed according to the authentication result. In another example, it is possible to provide a service that reflects regional characteristics, such as authenticating the address attribute and changing the video seen by people living in Osaka and the video seen by people living in Tokyo. Or you may combine with the technique of user authentication or terminal authentication, without using attribute authentication. For example, device authentication can be performed by inserting a memory card storing secret information in a secure memory area into the viewer terminal 109 and communicating with the server.

  The content distribution server 106 encrypts the content 128 with the encryption key, and distributes the encrypted content to the authenticated viewer terminal 109. The license issuing server 107 distributes license information including the decryption key of the content 128 to the authenticated viewer terminal 109. The viewer terminal 109 can decrypt and view the content 128 using the license information. It is generally easy to apply such DRM (Digital Rights Management) technology.

  In a content distribution service in which services are linked between the operators A and B, a kana ID, time, content ID, identification data, and the like are recorded in the access log server 102 as the user's history when viewing the content. Analyze the collected access logs and calculate the audience rating and correlation between contents. In addition, customer relationship management (CRM) can be easily realized. The obtained user trends and preferences can be output to a report to be reflected in the content generation plan, and can be automatically reflected in the fee system, service contents, index screen system, etc. to improve the service.

  As shown in FIG. 2, the portal A server 101 includes a public key / private key 209 for the business operator A, a business operator B public key 208 exchanged with the business operator B, and further includes the following control means.

User screen control A means 203
Identification data update unit 202
A initial registration means 210
A_ID authentication means 204
P_ID authentication means 205
ID linkage A means 207
Attribute matching A means 206
DB control A means 201
As shown in FIG. 2, the portal B server 108 includes a public key / private key 215 for the business operator B, a business operator A public key 214 exchanged with the business operator A, and further includes the following control means.

User screen control B means 218
B initial registration means 217
B_ID authentication means 216
ID linkage B means 213
Attribute matching B means 212
DB control B means 231
The viewer terminal 109 displays screen information provided by a content viewer 226 that decrypts encrypted content with a decryption key or views plain-text video content, and a server written in an HTML (HyperText Markup Language) -based language. Browser 227 and a license acquisition means 228 for receiving a license (including a content decryption key) issued from the license issuance server 107. Further, the viewer terminal 109 holds local storage information 229 such as B_ID and A_ID. The local storage information 229 and the secret information 130 are technically equivalent.

  A_ID is an ID that is provided to the user of the content distribution service by the business operator A. Operator B is not directly involved in the presence of A_ID. By the A_ID authentication means 204, the business operator A authenticates that the user who knows or holds the A_ID is a valid user. The A_ID authentication means 204 may require the user to input a password combined with A_ID.

  B_ID is an ID that is provided to the user of the content distribution service by the business operator B. Operator A is not directly involved in the presence of B_ID. By the B_ID authentication means 216, the business operator B authenticates that the user who knows or holds the B_ID is a valid user. The B_ID authentication unit 216 may require the user to input a password combined with B_ID.

  P_ID is a pseudonym ID of the user of the content distribution service, and the service provider A and the service provider B share this to perform a cooperative service. That is, one user is given A_ID from the operator A and B_ID from the operator B. P_ID is related to A_ID by ID link A means 207 of business operator A. Further, the P_ID is related to B_ID by the ID cooperation B means 213 of the operator B. The issue management of P_ID is performed by the business operator A in the present embodiment, but may be performed by the business operator B.

  Here, a flow when providing a service established by cooperation between the business operator A and the business operator B will be described. First, after the user X is authenticated by the A_ID authentication means 204 of the business operator A as a valid user, the user X is issued a pseudonym ID (P_ID). The pseudonym ID is encrypted with the public key 208 of the operator B, and passed to the user X as encrypted pseudonym ID information.

  For this reason, even if there is a person Y who is trying to eavesdrop on the communication line, the information on the pseudonym ID cannot be viewed by the user X himself / herself. Secondly, after the user X is authenticated by the business operator B by the B_ID authentication means 216 and authenticated as a legitimate user, the business person B sends the encrypted pseudonym ID information to the business operator B. hand over. The business operator B receives the encrypted pseudonym ID information held by the user X managed by B_ID. The pseudonym ID can be extracted by decryption using the business operator B private key 215. Third, the user requests the service provision of the business operator B based on the attribute information managed by the business operator A. The attribute collation B means 212 uses the pseudonym ID to inquire the attribute information of the user X to the operator A, and the attribute collation A means 206 of the operator A receives attribute authentication.

  The business operator B appropriately controls the content distribution server 106 and the license issue server 107 by the service providing unit 221. Thereby, an appropriate service according to the attribute authentication result can be provided.

  When using the service, the user performs various procedures in the portal B server 108 and the content distribution server 106 by operating the viewer terminal 109. When the user selects content that the user wants to see, a content ID (C_ID) that uniquely identifies the content is selected as processing on the server side. In the case of content that requires the attribute authentication of the portal A server 101, the user explicitly or implicitly performs the process at the portal A server 101 through the procedure of the ID linkage B means 213 and the attribute authentication means 220 on the portal B server 108 side. Get certified. At this time, logs that can be acquired by the portal A server 101 are recorded in the access log server 102.

As shown in FIG. 3, the access log server 102 includes an access log analysis unit 131 and an access log DB 132. Further, the access log analysis means 131 includes the following functional blocks:
Management screen / counting means 321
-Viewing log list display means 322
-Viewing log total display means 323
Correlation display means 324
・ Viewing number counting means 319
Correlation value aggregation means 320
The access log DB 132 includes an access log table 301, an intermediate table 302, a viewing number table 303, and a correlation table 304. The access log table 301 stores a log ID 305, a content ID 306, a pseudonym ID 307, a date 308, and an identification data validity determination result 309. In the identification data validity determination, the identification data held in the viewer terminal 109 is received, and the determination is performed by collating with the attribute in the identification data server 103. The intermediate table 302 stores a content viewing history for each pseudonym user for aggregation.

  The number of views table 303 stores the number of views for each content ID. The correlation table 304 stores a correlation calculation result for each content ID. The essential log information is the access log table 301. The intermediate table, the viewing number table, and the correlation table may be stored in a memory in the access log analyzing unit, and the viewing number totaling result and the correlation calculation result may be directly output from the access log table.

  The administrator uses the access log analysis unit 131 to access the management screen / totaling unit 321 and call the management screen / totaling unit 321. The management screen / aggregating unit 321 further calls the viewing number totaling unit 319 and the correlation value totaling unit 320 to calculate the viewing number and the correlation from the values in the intermediate table 302. Store in table 304.

  The administrator can view the list of the access log table 301 using the viewing log list display means 322. The administrator can view a list of the viewing number table 303 using the viewing log total display means 323. The administrator can view a list of the correlation table 304 using the correlation display means 324.

  Various calculation methods can be used to calculate the correlation between contents. As a correlation index, reliability (Confidence), support (Support), and lift value (Lift) are often used. When calculating the correlation between the content X and the content Y, the reliability C represents the strength of the correlation, and is a percentage display of the ratio of the Y history following the X history. The support degree S is an index indicating the rate at which combinations of X and Y occur in the entire database D. The lift value is a value obtained by dividing the reliability by the expected reliability. Each can be calculated by the following formula.

C = P (X & Y) / P (X)
S = P (X & Y) / P (D)
L = C / P (Y)
A combination of X and Y with high reliability indicates that it is a natural combination. A combination with a high level of support indicates a large influence on all customers. A high lift value indicates that there are many combinations. These calculation results may be output and displayed as content correlation. It is also possible to set a threshold value for a large value or a small value, and to control the output of noise exceeding the threshold value as noise. Here, when information on contents X and Y having an effective correlation exceeding a certain threshold is obtained, this information is reported and a service is automatically provided as a service improvement measure. You can also.

  For example, among users who have seen X, a user who has not yet seen Y can be identified and promoted to view content Y. At this time, on the premise that the use permission of personal information is obtained, the promotion mail can be automatically transmitted by managing the contact mail address together with the kana information. Further, when the user accesses the portal site, the information on the content Y can be automatically posted on the welcome page as recommended content.

  In another example, when a plurality of contents are sold as a set or a service provision method such as a bargain pack is taken, which contents combine with each other will lead to the user's merit, automatically depending on the result of the above correlation calculation Combination products can also be generated.

  In yet another example, by counting the number of views per kana user, it is possible to count how many times and how many times a user has viewed the content per week. These user trends can be divided into several groups by performing a correlation analysis. As a billing mode for users, pricing is often done for how much content, and user trend analysis automatically calculates how many of these "numbers" should be. Therefore, the accounting method can be appropriately switched according to the usage status of the user.

  In addition to the correlation between contents, another correlation between users can be calculated as customer relationship management. When two data strings p = {pi} and q = {qi} are given, the correlation coefficient r can be calculated as a statistical index indicating the correlation (degree of similarity) between the two data strings. . By comparing the content viewing history in the intermediate table, it is possible to evaluate the preference similarity between users. In the description of the embodiments so far, the user information is a pseudonym, but an analysis use scene where a person having the same preference wants to specify what kind of group is assumed. In such a case, analysis can be performed by providing a user attribute necessary for analysis in addition to the kana ID as kana information in advance. For example, if an address or age attribute is given and managed in pairs with a pseudonym ID, a group with a specific preference may be based on regionality or generation. Can be analyzed.

  As shown in FIG. 4, the management screen 401 of the access log server is output when the administrator selects a predetermined function of the access log server. When the totaling operation is selected, the screen 402 on which the totaling process is performed can be output and the original screen 401 can be returned. When the access log list display is selected, a list 403 is displayed. When the access log tabulation is selected, the tabulation results 404 are output in descending order of viewing number. You can also sort again in ascending order. When the correlation display is selected, a correlation calculation result 405 is output. In these displays, the log analysis target period can be designated, for example, the calculation for the latest 24 hours or the calculation for the past month. The calculation result may be displayed in a graph.

  In output display, an easy-to-understand screen can be configured by referring to the content attribute information DB 223 using the content ID 306 as a key and inquiring about the content attributes such as the title and subtitle of the content.

  The identification data server 103 is accessed from the portal A server 101 and the A customer master data server 104. The A customer master data server 104 operates in cooperation with the identification data server 103. The management server B 105 is accessed from the portal B server 108.

  The A customer master table 501 is provided in the A customer master DB 121 of the A customer master data server 104. The A customer master table 501 stores user information including user personal information, as shown in FIG. The fields of the A customer master table 501 include the viewer ID 504, password 505, name 506, gender 507, date of birth 508, postal code 509, address 510, telephone number 511, identification flag 512, update date 513, and reserve 514. Prepare.

  Here, apart from the content distribution service performed in cooperation with the operator B in the present embodiment, the service V provided by the operator A is performed, and the viewer ID 504 is given to the user in the service V. ID uniquely assigned. The identification flag 512 is a flag indicating whether or not a member of the service V is joined. In this embodiment, attribute authentication is performed with the YES / NO attribute of the identification flag 512, but another attribute may be used, or a multi-bit identification flag may be used.

  The identification data table 502 is provided in the identification data DB 119 of the identification data server 103. As shown in FIG. 5B, the fields of the identification data table 502 include a viewer ID 515, A_ID 516, a pseudonym ID (P_ID) 517, customer identification data 518, and a random number 519. A_ID 516 is an ID given to a user in order to uniquely identify the user in the content distribution service. In the content distribution service, P_ID 517 is obtained by assigning a unique ID as a pseudonym when providing pseudonym information to a user in order for provider A to provide a service in cooperation with provider B.

  In the present embodiment, the business operator A gives the pseudonym information, but the business operator B may give it. If there is kana information such as an address 510 other than the kana ID, an additional field may be provided in the identification data table 502 and stored.

  The B customer table 503 is provided in the B customer DB 123 of the management server B105. As shown in FIG. 5C, the fields of the B customer table 503 include a B_ID 520, a terminal unique number 521, and a P_ID 522. B_ID is an ID assigned to a user in order to uniquely identify the user in the content distribution service. The terminal unique number 521 is a number that is registered for the operator B to perform terminal authentication, and is a terminal uniquely assigned to the viewer terminal 109 when the user accesses the portal B server 108. By transmitting the unique number and collating it with the terminal unique number 521 stored in the server, it can be used for access control and session management. In the content distribution service, P_ID 522 is assigned with a unique ID as a pseudonym when providing pseudonym information to a user in order for provider A to provide a service in cooperation with provider B.

  In the present embodiment, the encrypted pseudonym information given by the user A from the business operator A and stored in the viewer terminal 109 is decrypted, extracted, and stored in the DB 123. In addition to the above fields, additional fields such as name and address that are collected and managed by the company B may be managed in the table or as a separate table in association with the table.

  As shown in FIG. 6, the content attribute information table 609 includes fields of a content ID 601, a genre 602, a title name 603, a series name 604, a subtitle name 605, a broadcast date 606, and a content time 607. Furthermore, content attributes such as appearance, content, and file name may be provided in the same field, or may be provided in a separate table that can be managed in association with these.

  Next, a protocol and a processing flow used in the content distribution service system according to Embodiment 1 of the present invention will be described with reference to FIGS. 7 to 12 are diagrams showing a protocol and a processing flow used in the content distribution service system according to the first embodiment of the present invention. FIG. 7 is an initial setting protocol and a processing flow. FIG. 8 is a member registration protocol and a processing flow. 9 is a protocol and processing flow for associating IDs between providers, FIG. 10 is a protocol and processing flow for receiving services by end users, FIG. 11 is a protocol and processing flow for updating information (viewer terminal), FIG. Reference numeral 12 denotes an information update (server) protocol and processing flow.

  Prior to describing each detailed protocol, the identification method based on the ID system used in the present embodiment is organized. For a certain user X, four types of IDs according to applications and scenes, that is, A_ID 516, V_ID (viewer ID) 504, P_ID 517, and B_ID 520 are assigned. Further, a terminal unique number 521 is assigned to the viewer terminal 109 in advance.

  The business operator A assigns A_ID 516, V_ID (viewer ID) 504, and P_ID 517, and the business operator B assigns B_ID 520. The A_ID 516 is assigned for the business operator A to identify the user X in the content distribution service of the present embodiment. V_ID (viewer ID) 504 is identification information given by the operator A when the user X is a member of the service V in the service V performed by the operator A independently of the operator B.

  The procedure for authenticating the attribute of the user X for the membership of the service V will be described in detail later. The P_ID 517 is used to identify the user X when proceeding the process of cooperation between the provider A (portal A) and the provider B (portal B) in the content distribution service of the present embodiment. Details of the ID linkage processing will be described later in detail. The B_ID 520 is assigned for the business operator B to identify the user X.

  First, the default protocol is to exchange information by performing key exchange on the server side, so that the communication between servers can be performed in communication via the Internet or communication via the user's viewer terminal. Information can be prevented from eavesdropping and tampering.

  By performing initial registration of A_ID and B_ID through terminal unique number authentication registered in advance, it is possible to perform individualization processing of the viewer terminal. These individualization processes can be restored to the state before the individualization by the terminal individualization deletion process. These are protocols that can be used for a setup operation of a business operator when a viewer terminal that has been set up in advance by the business operator is distributed or sold to a user.

  As shown in FIG. 7A, the server initial registration protocol and processing flow are as follows. In step 701, the portal A server 101 creates a public key K_Ap for portal A and a secret key K_As for portal A. The portal B server 108 creates the public key K_Bp of the portal A and the secret key K_Bs of the portal A, and exchanges the respective public keys (K_Ap, K_Bp).

  Further, as shown in FIG. 7B, the terminal personalization protocol and processing flow are as follows. When a terminal personalization request is received from the user in step 703, the terminal unique number is received from the user X, and the portal B The server 108 is entrusted with terminal unique number authentication.

  In step 704, terminal unique number authentication processing is performed, and the result is returned to the portal A server 101.

  In step 705, the portal A uses it, and the business operator A issues an A_ID that uniquely identifies the user X, and registers it in the memory area of the viewer terminal 109.

  In step 706, the user X continues to access the portal B server 108, and the business operator B issues a B_ID that uniquely identifies the user X and registers it in the memory area of the viewer terminal 109.

  In step 707, the business operator A is notified that the personalization processing by the business operator B has been completed, and the initial registration procedure is completed.

  In steps 703 to 707, an example in which A_ID and B_ID are initially set in the viewer terminal 109 in advance before using the service is shown. However, these steps are individually performed in the flow of a series of content distribution service use procedures. You may use it.

  Further, as shown in FIG. 7C, the terminal individualization deletion protocol and processing flow are registered in the memory area of the viewer terminal 109 when a portal A resetting registration request is received from the user X in step 708. Delete the created A_ID.

  In step 709, when the processing on the portal A side ends, the screen control is transferred to the portal B side.

  In step 710, when the portal B reset registration request is received from the user X, the B_ID registered in the memory area of the viewer terminal 109 is deleted.

  In step 711, the resetting registration process ends.

  Further, in the content distribution service provided by the operator B, as a protocol and a processing flow when the user registers for use, as shown in FIG. 8, in step 801 and step 802, the viewer ID and password are input from the screen. Thus, the user who has accessed is authenticated. The viewer ID 504 and password 505 in the A customer master table 501 of the A customer master DB are collated with the contents transmitted from the user. Alternatively, a password corresponding to A_ID may be registered and used in advance.

  In step 807, information used for attribute authentication is stored in a memory in the viewer terminal 109 or a secure external storage medium.

  In step 802, a random number r is generated in step 803, and identification data (a, b) is created in step 804. Reference is made to the value F of the identification flag 512 corresponding to the viewer ID 504 in the A customer master table 501 of the A customer master DB (1/0: meaning of presence / absence of membership respectively). Using the one-way function HASH () and the character string combination operator (|), the two identification data a and b are calculated by the following equation.

a = HASH (r | F)
b = HASH (r | 1)
When the value F of the identification flag 512 corresponding to the viewer ID 504 of the user X is “1”, the user X has a membership and the values of a and b match. In the case of “0”, the user X has no membership and the values of a and b do not match. Since a one-way function is used, the value of F cannot be known from the value of a unless the value of the random number r is known. For this reason, for example, even if the value of the identification data a is outsourced to the third business operator and managed, the personal information F that identifies the membership can be safely protected. A_ID or the like may be further added to the character string combination target inside the one-way function.

  a is stored in the customer identification data 518 of the identification data table 502 of the identification data DB 119 of the identification data server 103. b is stored in the viewer terminal 109. At this time, b is identification data used for attribute authentication, and K_Ap (b, expiration date) is obtained by concatenating information indicating the expiration date used for authentication and encrypted with the public key of the operator A. is there. This information can be decrypted only by the portal A server 101 that holds the private key of the operator A, and b can be extracted. In step 805, the encryption process is performed.

  As the A_ID information in the output of step 805, the A_ID initially set in the viewer terminal may be used, or after the A_ID is newly issued and registered in association with the viewer ID, You may store (Cookie registration).

  Further, as shown in FIG. 9, as a protocol and a processing flow for linking IDs between business operators using kana information, as shown in FIG. 9, “a service in which portal B server 108 and portal A server 101 are linked using kana information is used. When there is a request to “receive”, the user accesses the portal A using the A_ID.

  In step 901, the portal A server 101 generates kana information and registers the kana ID (P_ID) in the identification data table 502 in association with the A_ID. Here, if there is a user's permission to use personal information and there is information that can be used other than the kana ID as the kana information, a part of the contents of the A customer master table 501 (for example, an address) is associated together. May be. At this time, a field for storing an address or the like is added to the identification data table 502.

  Further, in step 902, the portal A server 101 creates K_Bp (P_ID) obtained by encrypting this P_ID with the public key 208 of the operator B. K_Bp (P_ID) can be decrypted only by the private key 215 of the operator B, and this P_ID can be extracted only by the portal B server 108. K_Bp (P_ID) is carried to the portal B server 108 via the user. The user accesses the portal B server 108 using B_ID. The portal B server 108 decrypts the cipher and extracts the P_ID in step 904, and registers it in association with the B_ID. Here, if the user has permission to use personal information and there is information that can be used other than the kana ID as the kana information, the B customer table 503 may be expanded and associated together.

  As shown in FIG. 10, the service protocol and processing flow are as follows. In step 1001, the user accesses the portal B server 108, and undergoes terminal unique number authentication processing and / or processing 216 by the B_ID authentication means 216. .

  Thereafter, in step 1002, a content list can be acquired. The content list is created from the content attribute information DB 223 managed by the content distribution server 106. When the user selects content that the user wants to view, the content ID is specified.

  In step 1004, the portal B server 108 issues an attribute authentication request to the portal A server 101, and transmits K_Ap (b, expiration date), K_Ap (P_ID), and C_ID. K_Ap (P_ID) is obtained by encrypting P_ID with the public key 214 of the operator A in step 1005.

  In step 1006, portal A records log information such as a pseudonym ID (P_ID) and content ID (C_ID) in the access log table 301 and the intermediate table 302 of the access log DB 123 of the access log server 102. Further, the private key K_As 209 of the operator A is used to decrypt K_Ap (P_ID) to extract P_ID, and search for identification data a registered in the DB (identification data table 502) corresponding to P_ID. Further, K_Ap (b, expiration date) is decrypted to extract b.

  In step 1007, the portal B server 108 is informed of the result of checking the expiration date and comparing a and b.

  In Step 1008, if the portal B server 108 passes the attribute authentication, it is considered that the viewing permission for the content specified by the content ID (C_ID) has been obtained.

  In step 1009, a content distribution instruction is issued to the content distribution server. Further, it issues a license issuance instruction to the license issuance server as necessary. The user can view the content.

  Further, as information update (viewer terminal) protocol and processing flow, as shown in FIG. 11, the membership is canceled by the operator A, or the identification data on the viewer terminal 109 expires. For this reason, the registration information can be confirmed and updated from the viewer terminal 109 when the attribute authentication result is NG when using the service shown in FIG.

  In step 1101, the portal A server 101 is accessed using the A_ID, and the latest K_Ap (b, expiration date) is reissued. The portal A server 101 updates the identification data a 518 and the random number 519 of the corresponding DB contents (identification data table 502). In step 1102, the updated identification data b is stored in the viewer terminal. The basic processing in step 1101 is technically similar to the processing in step 802 in FIG.

  In addition, as shown in FIG. 12, the information update (server) protocol and processing flow are as follows. For the user having a certain viewer ID 504, the update of the identification flag 512 related to the generation of the identification data a and b is as follows. This is done by the administrator in steps 1201, 1202 and 1203 from the console of the A customer master data server 104.

  In step 1202, after the new identification flag 512 is set, the identification data a518 stored in the DB (identification data table 502) is updated to a new one. At this time, since the identification data b130 stored on the viewer terminal side remains old, a and b are different in the collation processing at the time of attribute authentication.

  Note that attribute authentication passes after the new identification data b corresponding to the new identification data a is stored in the viewer terminal 109 by the information update procedure using the viewer terminal shown in FIG.

  Next, basic operations performed by the user and the administrator of the content distribution service system according to Embodiment 1 of the present invention will be described with reference to FIGS. FIG. 13 is a diagram showing a list of basic operations performed by the user and the administrator of the content distribution service system according to the first embodiment of the present invention, and FIGS. 14 to 17 are content distribution service systems according to the first embodiment of the present invention. It is a figure which shows the detail of each operation which a user and an administrator perform.

  First, as shown in FIG. 13, there are the following nine types of basic operations performed by the user and the administrator.

○ Operation 001
・ Setup 1
(A) Portal A
(B) Portal B
○ Operation 002
・ Setup 2 (individualization of terminals)
○ Operation 003
Service usage registration (a) Initial procedure for attribute authentication (b) Initial procedure for ID linkage ○ Operation 004
-Selection of program for members (authentication OK) to video playback button ○ Action 005
・ Initialization of server / terminal ○ Operation 006
(A) Selection of program for members (authentication NG)
(B) Usage registration update (authentication OK)-Movie playback button (c) Management screen (Portal A)
○ Operation 007
・ Selecting programs for members (authentication NG)-Update usage registration (authentication NG) infinite loop-
○ Operation 008
・ Terminal unique number authentication error ○ Operation 009
Identification flag update In operations 001 and 002, the initial setting process shown in FIG. 7 is performed.

  In operation 003, as shown in FIG. 14, service usage registration is selected, and service usage registration is performed.

  In the operation 004, as shown in FIG. 15A, when the moving image distribution service is selected, the content is selected from the content list, and the P_ID is held, the content is reproduced by the reproduction operation.

  In the operation 005, as shown in FIG. 15B, initialization of the server / terminal is selected, and an operation of returning to the initial state of the content holder and the ISP is performed.

  As shown in FIG. 16, in the operation 006, first, in the operation 006 shown in FIG. 16A, the selection of the program for members in the member 006 becomes identification data verification NG, and in the case of authentication NG, FIG. The use registration update of the operation 006 (b) shown in FIG. 6 is performed, and the A customer master data server 104 performs the operation of the management screen (c) of the operation 006 shown in FIG.

  As shown in FIG. 17A, the operation 007 is a case where authentication for a member program is selected and the identification data verification NG is authentication NG, and the usage registration with the content folder is performed when the usage registration is updated and the authentication is NG. Loop until complete.

  As shown in FIG. 17B, the operation 008 is an error screen in the case of a terminal unique number authentication error operation.

  In operation 009, the information update process shown in FIGS. 11 and 12 is performed.

  Next, with reference to FIG. 18 to FIG. 20, states that can be taken by the viewer terminal and the server of the content distribution service system according to Embodiment 1 of the present invention, and state transitions will be described. 18 is an explanatory diagram showing states that can be taken by the viewer terminal and the server of the content distribution service system according to Embodiment 1 of the present invention, and FIG. 19 is a state transition of the content distribution service system according to Embodiment 1 of the present invention. FIG. 20 is an explanatory diagram for explaining an initial state of the state transition of the content distribution service system according to Embodiment 1 of the present invention.

  Main variables related to attribute information and kana information characterizing the content distribution service of the present embodiment include a terminal unique number, an identification flag (F), a kana (P_ID), and identification data (b). The terminal unique number, the identification flag (F), and the pseudonym (P_ID) are registered on the server side, and the identification data (b) is registered on the viewer terminal side. In the combination of values that these variables can take, the user status in the content distribution service can be defined in 10 ways as shown in FIG. If more detailed states are considered, the number of states may be increased.

  All users are “state 1” (or “state 2”) in the initial state. Through the combination of basic operations shown in FIG. 13, that is, according to the user's selection and request, the state can be freely changed. Finally, “state 9”, that is, the terminal unique number is authorized, the identification flag (F) becomes “1” or Yes, the pseudonym (P_ID) is issued, and the identification data (b) is set correctly. After entering the state, the state transitions to “state 10” and the content can be viewed.

  As shown in FIG. 19, in this embodiment, the state transition is made between state 1 and state 10 by the basic operation of operation 002 to operation 008 of FIG.

  Although there may be other state transitions by operation control, screen control, and DB control method slightly different from the present embodiment, transition from any state to any state can be easily realized.

  In addition, although there are ten states that the user can take as an initial state of the state transition, there are many states that pass through the user without being aware of them in a series of screen transitions. Although it may be possible to fall into a halfway state due to a failure such as a communication error, the screen transition and the state transition are usually interrupted by the user's judgment, and after a while, the operation for continuing the service use is resumed. The places where such usage scenes can be considered are the four states (states 2, 5, 6, and 9) in FIG.

  From the viewpoint that the user operation starts from this state, in the above-described screen transition, it is possible to expand functions for improving usability such as sandwiching a screen indicating the purpose of state continuation and the current state.

  As described above, in this embodiment, since the data between the portal A and the portal B is managed using the pseudonym, in the content distribution service system that distributes the digital content, a plurality of companies jointly provide the data. In the service, while protecting the privacy of the viewer, the trend of the viewer can be analyzed and reflected in the improvement of the service content.

(Embodiment 2)
The second embodiment is different from the first embodiment in how to handle the pseudonym ID.

  The configuration of the content distribution service system is the same as that of the first embodiment.

  First, from an operational point of view, there are permanent kana IDs and temporary kana IDs as types of kana IDs.

  In the first embodiment, a permanent kana ID is used as a base, and once this permanent kana ID is given, the same kana ID is used for the same user X for a certain long period of time. For example, the membership period can be used for one year as a membership renewal period, and the validity period is long.

  On the other hand, the temporary kana ID is an ID that is valid for a relatively short predetermined period, and a plurality of kana IDs are used for the same user X when viewed in a relatively long period. The temporary kana ID can be considered to be effective only for one session for viewing the content once. In the present embodiment, this temporary kana ID is used.

  The long and short period of validity of the kana ID is also related to its usage. In the case of audience rating tabulation, those whose ID validity period is longer than the tabulation period can be considered as permanent kana IDs and those whose IDs are short as temporary IDs. Rather than using a permanent kana ID, it is safer to use a temporary kana ID in the sense that it would be difficult for an unauthorized person performing eavesdropping or unauthorized access to decipher information.

  In analyzing user trends such as audience rating tabulation and content correlation calculation, more complicated processing is required when the temporary kana ID is used than when the permanent kana ID is used.

  Specifically, a means for specifying that a part of the log information having the temporary kana ID remaining in the database as a key is a log left by the same user X is required. Also, an issuance method that can specify the temporary kana ID is required.

  There are several methods that can implement user trend analysis using temporary kana IDs. The first method is that when there are n temporary kana IDs issued to the same user X, all these are associated with the permanent kana ID corresponding to the user X and stored in the database. It is to store and manage.

  Specifically, first, as a kana ID management table, a permanent kana ID and a temporary kana ID are provided in the field. Next, when issuing a temporary kana ID, after passing through the A_ID authentication means or the P_ID authentication means, a temporary kana ID (TP_ID) is issued to the user X, and TP_ID is stored in the kana ID management table. Record. Next, when the user receives a necessary service (views content) using the TP_ID, a record based on the TP_ID is recorded as a viewing log. Finally, when analyzing information from the viewing log, it is possible to aggregate the logs of the same viewer based on the permanent kana ID.

  A second method capable of realizing user trend analysis using a temporary kana ID will be described. The following variables are defined as preparation for explanation.

p: integer permanent kana ID
k: secret information of prime number larger than p r: random number q: temporary kana ID
For a user whose permanent kana ID is p, when generating the temporary kana ID q, use a random number generator that generates a different value each time:
q = p + k × r
Calculate with the following formula. In order to distinguish among a plurality of temporary kana IDs of the same user (a user whose permanent kana ID is p), a remainder t obtained by dividing q by k, that is:
t = q mod k
It can be determined whether the calculation result (t) obtained by the calculation formula is consistent with p of the permanent kana ID. Therefore, when information is analyzed from the viewing log, it is possible to aggregate the logs of the same viewer based on the permanent kana ID. As with the security of RSA encryption, if a large number is used for p, k, and r, it is practical to calculate a permanent kana ID even if some temporary kana ID (q) leaks information. I can't do it. Moreover, it is impossible to know information such as the user ID (A_ID) related to the permanent kana ID and the V_ID, name, and telephone number related to the A_ID.

  As described above, in the present embodiment, by using the temporary kana ID, it is possible to analyze the trend of the viewer and reflect the improvement in the service content while further protecting the privacy of the viewer.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  The present invention relates to a content distribution service system that distributes digital content, and can be applied to a system in which a plurality of companies cooperate to provide an information service while protecting privacy.

It is a block diagram which shows the structure of the content delivery service system which concerns on Embodiment 1 of this invention. It is a block diagram which shows the structure of the portal server and viewer terminal of the content delivery service system which concerns on Embodiment 1 of this invention. It is a block diagram which shows the structure of the access log server of the content delivery service system which concerns on Embodiment 1 of this invention. It is explanatory drawing for demonstrating the access log management screen of the access log server which concerns on Embodiment 1 of this invention. (A)-(c) is explanatory drawing for demonstrating the database table of A customer master data server, the identification data server, and management server B which concerns on Embodiment 1 of this invention. It is explanatory drawing for demonstrating the table in content attribute information DB of the content delivery server which concerns on Embodiment 1 of this invention. (A)-(c) is the protocol and processing flow of the initial setting used with the content delivery service system which concerns on Embodiment 1 of this invention. It is the protocol and processing flow of member registration used with the content delivery service system which concerns on Embodiment 1 of this invention. It is the protocol and process flow of ID linkage between providers used with the content delivery service system which concerns on Embodiment 1 of this invention. It is the protocol and processing flow with which the end user used by the content delivery service system which concerns on Embodiment 1 of this invention receives a service. It is the protocol and processing flow of the information update (viewer terminal) used with the content delivery service system which concerns on Embodiment 1 of this invention. It is the protocol and processing flow of the information update (server) used with the content delivery service system which concerns on Embodiment 1 of this invention. It is a figure which shows the list of basic operation which the user and administrator of the content delivery service system which concerns on Embodiment 1 of this invention perform. It is a figure which shows the detail of each operation which the user and administrator of the content delivery service system concerning Embodiment 1 of this invention perform. (A), (b) is a figure which shows the detail of each operation which the user and administrator of the content delivery service system concerning Embodiment 1 of this invention perform. (A)-(c) is a figure which shows the detail of each operation which the user and administrator of the content delivery service system concerning Embodiment 1 of this invention perform. (A), (b) is a figure which shows the detail of each operation which the user and administrator of the content delivery service system concerning Embodiment 1 of this invention perform. It is explanatory drawing which shows the state which the viewer terminal and server of the content delivery service system concerning Embodiment 1 of this invention can take. It is a state transition diagram for demonstrating the state transition of the content delivery service system which concerns on Embodiment 1 of this invention. It is explanatory drawing for demonstrating the initial state of the state transition of the content delivery service system which concerns on Embodiment 1 of this invention. It is explanatory drawing which showed the subject of the prior art and the positioning of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 101 ... Portal A server, 102 ... Access log server, 103 ... Identification data server, 104 ... A customer master data server, 105 ... Management server B, 106 ... Content distribution server, 107 ... License issuing server, 108 ... Portal B server, DESCRIPTION OF SYMBOLS 109 ... Viewer terminal, 110 ... Communication infrastructure, 111 ... Internet, 112 ... Fixed network connection apparatus, 113 ... Wireless network base station, 114 ... ID cooperation A means, 115 ... A encryption / decryption means, 116 ... Identification data calculation means, 117: Attribute authentication A means, 118 ... Identification data management means, 119 ... Identification data DB, 120 ... A customer data management means, 121 ... A customer master DB, 122 ... B customer data management means, 123 ... B customer DB, 124 ... B encryption / decryption means, 125 ... ID linkage B means, 126 ... service providing means 127: attribute authentication B means, 128 ... content, 129 ... content management means, 130 ... secret information, 131 ... access log analysis means, 132 ... access log DB, 201 ... DB control A means, 202 ... identification data update means, 203 ... User screen control A means, 204 ... A_ID authentication means, 205 ... P_ID authentication means, 206 ... Attribute collation A means, 207 ... ID cooperation A means, 208 ... Operator B public key, 209 ... Operator A public key / secret Key 210, A initial registration means 212 Attribute matching B means 213 ID linkage B means 214, operator A public key 215 operator B public / private key 216 B_ID authentication means 217 B initial registration means, 221 ... service providing means, 226 ... content viewer, 227 ... browser, 228 ... license acquisition means, 2 9 ... Local storage information 301 ... Access log table 302 ... Intermediate table 303 ... Viewing number table 304 ... Correlation table 319 ... Viewing number counting means 320 ... Correlation value counting means 321 ... Management screen / counting means 322 ... Viewing log list display means, 323 ... Viewing log total display means, 324 ... Correlation display means, 501 ... Customer master table, 502 ... Identification data table, 503 ... Customer table, 609 ... Content attribute information table.

Claims (4)

A content distribution service system that includes a viewer terminal, a portal A server, a portal B server, an identification data server, a customer master data server, and an access log server, and distributes digital content to the viewer terminal,
The customer master data server stores attribute information of a user who uses a viewer terminal,
The portal A server generates two types of identification data a and identification data b based on the attribute information stored in the customer master data server, stores the identification data a in the identification data server, and the viewer When the identification data b is stored in the terminal and the attribute authentication request for the user is requested, authentication is performed by comparing the identification data a and the identification data b, and the user attribute information of the customer master data server At the same time, the kana information is generated and stored in the identification data server, and when the portal A server has a use request to use the kana information on the portal B server, the kana information is sent to the user. Entrust the use with Portal B server,
The portal B server issues a permission to use the kana information to the user, and distributes the digital content managed by the portal A server to the user as it is,
The portal A server and the portal B server perform the portal A server service and the portal B server service in cooperation with each other based on the pseudonym information,
The access log server records the kana information and the digital content information as an access log when viewing the content by the user, and the plurality of access logs are logs by the same user based on the kana information. And analyzing the recorded access log and calculating the audience rating and the correlation between the contents. The content distribution service system according to claim 1,
The access log server includes a report for reflecting the user trend and the user preference in a content generation plan based on the calculated user rating and the user preference based on the correlation between contents, the user trend and A content distribution service system that outputs information reflecting the user's preference in a fee structure and information reflecting the user trend and the user's preference in an index screen system describing service contents. The content distribution service system according to claim 1,
The portal B server includes 4 of the authorization state of the terminal unique number of the viewer terminal, the value of the identification flag indicating the registration state of the user with the portal A server, the presence / absence of the pseudonym information, and the presence / absence of the identification data b. Due to the state transition based on the state variable of the type, the terminal unique number is authorized, the value of the identification flag becomes YES, the pseudonym information is issued, and content viewing is possible only in the completed state with the identification data b. A content distribution service system characterized by performing control that becomes possible. The content distribution service system according to claim 1,
When the access log of the access log server uses the temporarily generated pseudonym information as a key, the portal A server holds key information in advance, and there is a request for the pseudonym information. Is issued as a temporary kana information is the product of a random number generated each time and the key plus permanent kana information,
The access log server calculates the permanent kana information from the remainder obtained by dividing the temporary kana information by the key, and the same user having the same permanent kana information from the plurality of temporary kana information A content distribution service system characterized by identifying things.

Images